A flaw was found in the Linux kernel's implementation of the DCCP protocol in which a local user could influence timing such that a skbuff could be used after it had been freed by the kernel. An attacker who is able to craft structures allocated in this freed memory will be able to cause memory corruption, escalate privileges or crash the system. An attacker must have local account access on the system; this is not a remote attack. An attack requires IPv6 support to be enabled in the system.
There's no upstream release containing the fix yet.
Fix present in
Author: Justin Lecher <firstname.lastname@example.org>
Date: Sat Feb 25 10:45:17 2017 +0000
sys-kernel/aufs-sources: Bump to latest aufs, genpatches and linux release fixes CVE-2017-6074
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Signed-off-by: Justin Lecher <email@example.com>
Upstream fix in 4.9.13
Currently, the only other upstream branch with a fix looks like 4.4.y
$ git tag --contains a95df078e86624ee330e82aad34cfd3b5fcf21ce
Fixes for other longterm branches (upstream) don't appear to be in-tree yet.
Upstream 4.10.y branch (any/all post-RC versions) contains the original version which is backported by genpatches-4.9-14
$ git tag --contains 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
sys-kernel/ck-sources: CVE-2017-6074 (fixed by genpatches 4.9-14 / linux 4.10)
Fixed in 4.10, 4.9.13